Illustration: Aïda Amer/Axios

Victims of ransomware attacks who pay criminals to release their data may be held liable for violating U.S. sanctions — even if they don’t know the true identity of their tormentors, advised the Treasury Department in a bulletin last week.

Why it matters: The move could doubly punish the victims of ransomware attacks.

Between the lines: The cyber criminals responsible for major ransomware attacks do not often volunteer their true identities to their victims, and the payment schemes are generally conducted anonymously using cryptocurrency.

  • It’s not just victims who might be subject to civil penalties for paying sanctioned ransomware attackers, says the Treasury, but also “those involved in providing cyber insurance, digital forensics and incident response, and financial services that may involve processing ransom payments.”

Background: The Treasury, through its Office of Foreign Assets Control, sanctions entities and individuals deemed national security threats — including state-linked hackers, terrorists and even transnational cyber criminal groups. Under these sanctions, U.S. persons or businesses are totally forbidden from facilitating or carrying out any financial exchange with these entities.

  • Some of these sanctioned groups, like the Russian cyber criminal syndicate Evil Corp, act generally on their own behalf and are motivated by private profit.
  • But other sanctioned entities, like the Lazarus Group, which is directly connected with North Korean intelligence, use ransomware attacks to pad the coffers of foreign governments.

By the numbers: Reports of ransomware attacks increased 37% from 2018 to 2019, according to the FBI, with a 147% spike in “associated losses” during that period, per the Treasury bulletin.

Go deeper: 🎧 Axios Re:Cap podcast: American health care held for ransom (listen here)

Go deeper

Oct 8, 2020 - World

U.S. places massive sanctions on Iranian financial sector

A handout image from the Iran International Photo Agency shows a view of the reactor building at the Bushehr nuclear power plant. Photo: IIPA via Getty Images

The U.S. Treasury on Thursday imposed a sweeping set of sanctions on 18 major Iranian banks in a move that could blow apart the international remnants of the country's 2015 nuclear deal.

Why it matters: "The move all but severs Iran from the global financial system, slashing the few remaining legal links it has and making it more dependent on informal or illicit trade," per Bloomberg.

Pence to continue traveling despite aides testing positive for COVID-19

Marc Short with Pence in March. Photo: Drew Angerer/Getty Images

Marc Short, Vice President Mike Pence’s chief of staff, tested positive for the coronavirus Saturday and is quarantining, according to a White House statement.

Why it matters: Short is Pence's closest aide, and was one of the most powerful forces on the White House coronavirus task force. Pence and second lady Karen Pence tested negative for the virus on Sunday morning, according to the vice president's office.

AOC: "Extremely important" that Biden offer Bernie Sanders a Cabinet position

Rep. Alexandria Ocasio-Cortez (D-N.Y.) said on CNN's "State of the Union" Sunday that she believes it's "extremely important" that Joe Biden offer Sen. Bernie Sanders and other progressive leaders Cabinet positions if he's elected president.

The big picture: Ocasio-Cortez was pressed repeatedly on policy differences between her and the more moderate Biden, including her opposition to fracking and support for Medicare for All. She responded that it would be a "privilege" and a "luxury" to be able to lobby a Biden administration on progressive issues, insisting that the focus right now should be on winning the White House.